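<?php
	// Role under edit. The id is cast to an integer because it is later
	// interpolated into SQL; a missing parameter becomes 0.
	$user_role = array('id' => isset($_REQUEST['user_roles_id']) ? intval($_REQUEST['user_roles_id']) : 0);
	
	// NOTE(review): local_post() is the only request-origin check visible in this file.
	// This handler rewrites role permissions, so confirm that it (or the framework)
	// verifies an anti-CSRF token and that the page itself is access-controlled:
	// the role row below is saved before any authorized() call is made.
	if (local_post()) {
		$errors = array();
		// The role needs a non-empty string name (name[]=x would otherwise reach
		// db_escape_string() as an array).
		if (empty($_POST['name']) || !is_string($_POST['name'])) $errors[] = 'Please name the role.';
		
		if (!empty($errors)) errors($errors);
		else {
			// NOTE(review): if db_save() escapes values itself, this stores a double-escaped name; confirm.
			$user_role['name'] = db_escape_string($_POST['name']);
			
			$user_role = db_save($user_role, 'user_roles');
			
			// db_save() presumably returns the saved row including its id (TODO confirm).
			// Cast once so every statement below interpolates a plain integer.
			$role_id = intval($user_role['id']);
			
			if (authorized('user_roles_module_access', 'delete', true) && authorized('user_roles_module_access', 'insert', true)) {
				// Replace the role's module access rows with the posted selection.
				db_query("DELETE FROM user_roles_module_access WHERE user_roles_id = $role_id");
				
				// The form posts modules[<modules_id>][] = <file>, so each value is a list of files.
				// Keys and values are client-controlled: the key is forced to an integer and
				// each file name is escaped and quoted before it reaches the query.
				$posted_modules = (isset($_POST['modules']) && is_array($_POST['modules'])) ? $_POST['modules'] : array();
				foreach ($posted_modules as $modules_id => $files) {
					$modules_id = intval($modules_id);
					foreach ((array) $files as $file) {
						if (!is_string($file) || $file === '') continue;
						$file = db_escape_string($file);
						db_query("INSERT INTO user_roles_module_access (user_roles_id, modules_id, file) VALUES ($role_id, $modules_id, '$file')");
					}
				}
			} else warning('You do not have permission to edit Module Access.');
			
			if (authorized('user_roles_data_access', 'delete', true) && authorized('user_roles_data_access', 'insert', true)) {
				// Replace the role's table access rows with the posted selection.
				db_query("DELETE FROM user_roles_data_access WHERE user_roles_id = $role_id");
				
				// The form in this file posts these checkboxes as data[<table>][] = <action>;
				// 'tables' is still accepted so an older form keeps working.
				$posted_tables = array();
				if (isset($_POST['data']) && is_array($_POST['data'])) $posted_tables = $_POST['data'];
				elseif (isset($_POST['tables']) && is_array($_POST['tables'])) $posted_tables = $_POST['tables'];
				
				// Only the four actions the form offers are stored; anything else is dropped.
				$allowed_actions = array('SELECT', 'INSERT', 'UPDATE', 'DELETE');
				foreach ($posted_tables as $table => $actions) {
					$table = db_escape_string((string) $table);
					foreach ((array) $actions as $action) {
						if (!in_array($action, $allowed_actions, true)) continue;
						// `table` is quoted because it is a reserved word in MySQL (the page uses SHOW tables).
						db_query("INSERT INTO user_roles_data_access (user_roles_id, `table`, action) VALUES ($role_id, '$table', '$action')");
					}
				}
			} else warning('You do not have permission to edit Data Access.');
			
			// Redirect according to the submit button that was pressed, if any.
			$button = (isset($_POST['button']) && is_string($_POST['button'])) ? $_POST['button'] : '';
			if ($button === 'Save and Close') location('/users/admin/roles/index');
			elseif ($button === 'Save and New') location('/users/admin/roles/edit');
		}
	}
	
	// Reload the stored row so the form below shows what is in the database.
	$user_role = db_select($user_role['id'], 'user_roles');
?>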

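<?php
	/*
	 * Values are encoded for the HTML attribute context before output: the role
	 * name is user-supplied and stored, so echoing it raw would allow markup
	 * injection. isset() covers a $user_role that db_select() could not load.
	 */
	$form_role_id = isset($user_role['id']) ? intval($user_role['id']) : 0;
	$form_role_name = isset($user_role['name']) ? htmlspecialchars((string) $user_role['name'], ENT_QUOTES, 'UTF-8') : '';
?>
<form action="?user_roles_id=<?php echo $form_role_id?>" method="post">
	<fieldset>
		<legend>User Role</legend>
		
		<label for="name">
			Name
			<input type="text" name="name" id="name" value="<?php echo $form_role_name?>" />
		</label>
	</fieldset>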
	
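	<fieldset>
		<legend>Modules Access</legend>
		
		<ul>
		<?php
			// Integer copy of the role id for SQL and comparisons (0 when no role row was loaded).
			$role_id = isset($user_role['id']) ? intval($user_role['id']) : 0;
			
			$sql = "SELECT id, name, folder FROM modules ORDER BY name ASC";
			$qry = db_query($sql);
			while ($module = db_fetch_assoc($qry)) {
				$module_id = intval($module['id']);
				// NOTE(review): the folder comes straight from the modules table and is used as a
				// filesystem path; confirm only trusted administrators can write that column.
				$module_dir = PHPDRIVER . "modules/{$module['folder']}/";
				// scandir() returns false for a missing directory; list nothing in that case.
				$module_files = is_dir($module_dir) ? scandir($module_dir) : false;
				if ($module_files === false) $module_files = array();
		?>
			<li><?php echo htmlspecialchars((string) $module['name'], ENT_QUOTES, 'UTF-8')?>
				<ul>
				<?php
					foreach ($module_files as $file) {
						// Skip dot entries, hidden files and sub-directories.
						if (substr($file, 0, 1) == '.' || is_dir($module_dir . $file)) continue;
						$file = basename($file, '.php');
						
						// A file name may contain quotes or markup characters, so it is
						// encoded separately for the SQL literal and for HTML output.
						$file_sql = db_escape_string($file);
						$file_html = htmlspecialchars($file, ENT_QUOTES, 'UTF-8');
						
						// Role -1 is rendered with every box ticked and locked.
						if ($role_id === -1) $checked = 'checked="checked" disabled="disabled" ';
						else {
							$sql = "SELECT COUNT(1) FROM user_roles_module_access WHERE user_roles_id = $role_id AND modules_id = $module_id AND file = '$file_sql'";
							$checked = (db_result(db_query($sql), 0) > 0) ? 'checked="checked" ' : '';
						}
				?>
					<li>
						<label for="module_<?php echo $module_id?>_<?php echo $file_html?>">
							<input type="checkbox" name="modules[<?php echo $module_id?>][]" id="module_<?php echo $module_id?>_<?php echo $file_html?>" value="<?php echo $file_html?>" <?php echo $checked?>/>
							<?php echo $file_html?>
						</label>
					</li>
				<?php
					}
				?>
				</ul>
			</li>
		<?php
			}
		?>
		</ul>
	</fieldset>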
	
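	<fieldset>
		<legend>Database Tables Access</legend>
		
		<ul>
		<?php
			// Integer copy of the role id for SQL and comparisons (0 when no role row was loaded).
			$role_id = isset($user_role['id']) ? intval($user_role['id']) : 0;
			
			$sql = "SHOW tables";
			$qry = db_query($sql);
			while ($table = db_fetch_assoc($qry)) {
				// SHOW tables returns one column whose key varies with the database name,
				// so take the first value. After this $table is empty; use $table_name only.
				$table_name = (string) array_shift($table);
				$table_sql = db_escape_string($table_name);
				$table_html = htmlspecialchars($table_name, ENT_QUOTES, 'UTF-8');
		?>
			<li><?php echo $table_html?>
				<ul>
				<?php
					foreach (array('SELECT', 'INSERT', 'UPDATE', 'DELETE') as $action) {
						// Role -1 is rendered with every box ticked and locked.
						if ($role_id === -1) $checked = 'checked="checked" disabled="disabled" ';
						else {
							// `table` is quoted because it is a reserved word in MySQL.
							$sql = "SELECT COUNT(1) FROM user_roles_data_access WHERE user_roles_id = $role_id AND `table` = '$table_sql' AND action = '$action'";
							$checked = (db_result(db_query($sql), 0) > 0) ? 'checked="checked" ' : '';
						}
				?>
					<li>
						<?php /* The id uses the same data_ prefix as the label's "for" so the label toggles its checkbox. The box is posted as data[<table>][] = <action>. */ ?>
						<label for="data_<?php echo $table_html?>_<?php echo $action?>">
							<input type="checkbox" name="data[<?php echo $table_html?>][]" id="data_<?php echo $table_html?>_<?php echo $action?>" value="<?php echo $action?>" <?php echo $checked?>/>
							<?php echo $action?>
						</label>
					</li>
				<?php
					}
				?>
				</ul>
			</li>
		<?php
			}
		?>
		</ul>
	</fieldset>
	
	<?php
		// NOTE(review): no anti-CSRF token is emitted in the visible markup of this form;
		// confirm save_buttons() or the framework adds and verifies one.
		save_buttons();
	?>
</form>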